CN104518864B - Utilize segmentation and then power line communication (PLC) network node of encryption safe - Google Patents

Utilize segmentation and then power line communication (PLC) network node of encryption safe Download PDF

Info

Publication number
CN104518864B
CN104518864B CN201410520593.4A CN201410520593A CN104518864B CN 104518864 B CN104518864 B CN 104518864B CN 201410520593 A CN201410520593 A CN 201410520593A CN 104518864 B CN104518864 B CN 104518864B
Authority
CN
China
Prior art keywords
frame
segment identifiers
plc
segment
message integrity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410520593.4A
Other languages
Chinese (zh)
Other versions
CN104518864A (en
Inventor
K·维亚雅三克尔
R·为丹特姆
T·潘德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Texas Instruments Inc
Original Assignee
Texas Instruments Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Texas Instruments Inc filed Critical Texas Instruments Inc
Priority to CN201910191548.1A priority Critical patent/CN109905246B/en
Publication of CN104518864A publication Critical patent/CN104518864A/en
Application granted granted Critical
Publication of CN104518864B publication Critical patent/CN104518864B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F15/177Initialisation or configuration control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B3/00Line transmission systems
    • H04B3/54Systems for transmission via power distribution lines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B3/00Line transmission systems
    • H04B3/54Systems for transmission via power distribution lines
    • H04B3/542Systems for transmission via power distribution lines the information being in digital form
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B2203/00Indexing scheme relating to line transmission systems
    • H04B2203/54Aspects of powerline communications not already covered by H04B3/54 and its subgroups
    • H04B2203/5404Methods of transmitting or receiving signals via power distribution lines
    • H04B2203/5408Methods of transmitting or receiving signals via power distribution lines using protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Cable Transmission Systems, Equalization Of Radio And Reduction Of Echo (AREA)

Abstract

The embodiment of the present invention provides the system and method for segmentation and then encipherment scheme in power line communication (PLC).Node or equipment generate the frame for the destination node being sent in PLC network.It includes the data load for being sent to the data of destination node that processor in node, which is configured to generate,.Data load is divided into two or more loading segment and encrypted to loading segment by processor.Processor is for each encrypted payload segmentation creation frame, wherein each frame includes Message Integrity Code.Processor creates segment identifiers for each frame using Message Integrity Code and with the authentication key of purpose PLC nodes sharing.The segment identifiers are added to each frame.

Description

Utilize segmentation and then power line communication (PLC) network node of encryption safe
Background technique
Power line (PLC) communication includes transmitting data on it and being also used to pass to house, building and other houses The system that the same medium (such as conducting wire, power line or other conductors) of power transmission power uploads delivery data.In brief, PLC is Have and modulates signal of communication on power line.This makes it possible to the interconnection device in the case where not introducing any new conducting wire or cable.This A ability is extremely attractive in widespread adoption, can drive the bigger intelligence and efficiency by network.PLC is applied Utility meter table, home domain network and household electrical appliance and Lighting control.
PLC is the general name of any technology for using power line as communication channel.It is carrying out in the world at present Various PLC standardization are attempted.Different standards is focused on being related to the different performance factor and problem of concrete application and operating environment. Two kinds of foremost PLC standards are G3 and PRIME.G3 ratifies via International Telecommunication Union (ITU).IEEE, which is being developed, to be based on The IEEE P1901.2 standard of G3.Each PLC standard has its own unique characteristic.
Realize that the mode of PLC system depends on local regulation, characteristic of local power grid etc..It can be used for the frequency band of PLC user Position dependent on system.In Europe, PLC frequency band is limited by CENELEC (Comite Europeen de Normalisation Electrotechnique). CENELEC-A frequency band (3kHz-95kHz) is exclusively used in energy provider.The opening of CENELEC-B, C, D frequency band is answered for terminal user With may include PLC user.In general, 36 tones that PLC system is separated using interval 1.5675kHz are in CENELEC A frequency It is operated between 35-90kHz in band, in the U.S., the launch requirements started at 535kHz, therefore PLC system is had been carried out in FCC Uniting has the FCC frequency band of the slave 154-487.5kHz using interval 4.6875kHz 72 tones separated.In other portions, the world Point, using different frequency bands, such as operated by what radio industry and commercial guild (ARIB) limited in 10-450kHz in Japan , and operated by what Institute of Electric Power (EPRI) limited in 3-90kHz in China.
When physics maximum transmission unit (MTU) size in systems does not allow to transmit entire frame, passed using segmentation Send big frame.In some standards, such as IEEE P1901.2 and G3 was once segmented in MAC.If it is greater than particular size, Then incoming frame is segmented by the MAC layer in sending side.In receiving side, MAC layer carries out regrouping process.
MAC layer is also responsible for being encrypted to provide safety.This encryption can carry out before or after segmentation.If It is carried out before being encrypted in segmentation, then there is potential security threat, because MAC header (MHR) does not encrypt.Receiver is in this respect Under not can determine that false grouping until until recombination completion.It on the other hand, can be due to disappearing if encryption carries out after fragmentation Cease integrity check fields (MIC) and safety filling necessary for the usually encryption mechanism used in PLC network (Padding) presence and lead to additional expense.
Summary of the invention
In one embodiment, the system for sending encryption grouping in power line communication (PLC) network is disclosed And method.
PLC node or equipment generate the frame for the destination node being sent in PLC network.Processor in node is matched It is set to the data load for generating the data including being sent to destination node.Data load is divided into two or more by processor Multiple loading segments and to loading segment encrypt.Processor is for each encrypted payload segmentation creation frame, wherein each frame packet Include Message Integrity Code.Processor is directed to using Message Integrity Code and with the authentication key of purpose PLC nodes sharing Each frame creates segment identifiers.The segment identifiers are added to each frame.
Transmitter in node is configured to send the frame for having segment identifiers to purpose PLC node.MD5 can be used Algorithm creates segment identifiers.Authentication key and Message Integrity Code can be combined to create input value.MD5 algorithm from Output valve is generated in input value.Segment identifiers can be created from MD5 output valve.
In one embodiment, authentication key can be 128 bit keys, and Message Integrity Code can be 16 bits and follow Ring redundancy check (CRC) value, and preceding 16 bit of output valve can be used to create segment identifiers.
PLC node or device can also be from other node receiving frames in PLC network.PLC node includes receiver, It is configured as receiving the frame with frame segment identifiers, encrypted payload segmentation and Message Integrity Code.Processor in node It is configured as creating local segmentation for each frame using Message Integrity Code and with the authentication key of source PLC nodes sharing Identifier.If local segment identifiers mismatch frame segment identifiers, node reject frame.
If local segment identifiers match frame segment identifiers, processor extracts encrypted payload segmentation further to locate Reason.Encrypted payload can be segmented and combine with one or more other loading segments encrypted to create and receive by processor The load arrived.The load received is then decrypted to create the load of decryption.
Detailed description of the invention
After such general overview describes the present invention, now with reference to attached drawing, in which:
Fig. 1 is the figure of PLC system in accordance with some embodiments.
Fig. 2 is the block diagram of PLC device in accordance with some embodiments or modem.
Fig. 3 is the block diagram of PLC gateway in accordance with some embodiments.
Fig. 4 is the block diagram of plc data concentrator in accordance with some embodiments.
Fig. 5 is the schematic block diagram of the one embodiment for the system that diagram is configured for point-to-point PLC.
Fig. 6 is the block diagram of integrated circuit in accordance with some embodiments.
Fig. 7 diagram is used for the example embodiment of local utility PLC network.
Fig. 8 diagram transmitter expectation is sent to the encryption and segmentation of the MAC load of receiver.
Fig. 9 diagram replaces the malice fragmented frame of original segment sent.
Figure 10 illustrates the use of the segment identifiers according to one embodiment.
Figure 11 is the flow chart of the process of frame of the explanation for sending segmentation, encryption with secure identifier.
Specific embodiment
More fully description is of the invention with reference to the accompanying drawings below.However, it is possible to implement the present invention in many different forms, And the present invention should not be construed as being limited to embodiment set forth herein.On the contrary, the offer of these embodiments is so that originally Open is abundant and complete, and gives full expression to the scope of the present invention to those skilled in the art.Those skilled in the art Each embodiment of the invention can be able to use.
Fig. 1 illustrates power line communication network in accordance with some embodiments.Middle pressure (MV) power line from child node 101 103 usually deliver the voltage in tens of thousands of volt ranges.MV electric power is gradually dropped to the electricity of the low pressure (LV) on LV line 105 by transformer 104 Power, LV line 105 carry the voltage in the range of 100-240VAC.Transformer 104 is usually designed to work in the non-of 50-60Hz Often low frequency.Transformer 104 is generally not allowed high-frequency (all such as larger than signals of 100kHz) in LV line 105 and MV line 103 Between pass through.LV line 105 is via the gauge table or node 106a-n being typically mounted on outside house 102a-n by feeding power To user.Although 102a-n is referred to as " house ", house (premises) 102a-n may include any kind of building Object, facility, electric vehicle charge node or reception and/or the other positions for consuming electric power.Circuit breaker panel such as panel 107 mentions For the interface between the electrical lead 108 in gauge table 106n and premises 102n.The inserting into house 102n of electrical lead 108 Seat 110, switch 111 and other power equipments transmit electric power.
The power line topology of Fig. 1 diagram can be used for providing high-speed communication to house 102a-n.In some implementations, Power line communication modem or gateway 112a-n can be coupled to LV power line 105 in gauge table 106a-n.PLC modulatedemodulate It adjusts device/gateway 112a-n to can be used for sending data signals on MV line 103/LV line 105, and receives MV line 103/LV line Data-signal on 105.This data-signal can be used for supporting metering and power Transmission application (for example, smart grid is answered With), communication system, high-speed Internet, phone, video conference and video conveying (naming a few).By in power transmission Telecommunications and/or data-signal are sent on network, do not need that new cable is installed for each user 102a-n.Therefore, by using Existing electric power distribution system delivers data-signal, can significantly save cost.
Illustrative method for sending data on power line can be used with the frequency different from electric power signal Carrier signal.It can be by for example using such as OFDM technology or the data-modulated carrier of similar description (such as G3-PLC standard) Signal.
PLC modem or gateway 112a-n at house 102a-n are transported data using MV/LV power network The plc data concentrator perhaps data of router 114 and delivery from plc data concentrator or router 114 are downloaded to, Without requiring additional wiring.Data concentrator or router 114 may be coupled to MV line 103 or LV line 105.Modulatedemodulate Adjust device or gateway 112a-n that can support such as High Speed Broadband Internet link, narrowband control application, low bandwidth data acquisition Using etc. application.For example, in the home environment, modem or gateway 112a-n can be further such that family and build Building object can automatically warm oneself and air conditioning, illumination and security protection.Moreover, PLC modem or gateway 112a-n can be with AC or the DC charging of enabled electric vehicle and other application.The example of AC DC charger is illustrated as PLC device 113.In room Outside room, power line communication network can provide street lighting control and the acquisition of remote power table data.
One or more plc data concentrator or router 114 may be coupled to control centre via network 120 130 (for example, utility companies).Network 120 may include such as IP-based network, internet, cellular network, WiFi net Network, WiMax network etc..Therefore, control centre 130 may be configured to collect by (multiple) concentrator 114 from (multiple) The power consumption and other types of relevant information of gateway 112 and/or (multiple) equipment 113.Additionally or alternatively, it controls Center 130 processed can be configured as by the way that smart grid strategy and other regulations or business rules are passed through (multiple) concentrator 114 communications realize this rule-like to (multiple gateways) each gateway 112 and/or (multiple) equipment 113.
Fig. 2 is the block diagram of PLC device 113 in accordance with some embodiments.As indicated, AC interface 201 can be according to permission PLC Equipment 113 switches the mode of the connection between conducting wire 108a and 108b, the electricity being coupled in house 112n using switching circuit etc. Line 108a and 108b.However, in other embodiments, AC interface 201 can be connected to single conducting wire 108 (that is, being not required to conducting wire 108 are divided into conducting wire 108a and 108b) and be not required to provide this switching capability.When work, AC interface 201 can permit PLC and draw It holds up 202 and sends and receivees PLC signal on conducting wire 108a-b.In some cases, PLC device 113 can be PLC modulation /demodulation Device.Addition or alternatively, PLC device 113 can be smart grid equipment (for example, AC DC charger, gauge table Deng), household electrical appliance (appliance) or for be located at the other electrical components of house 112n either internally or externally (for example, street Road illumination etc.) control module.
PLC engine 202 can be configured as using special frequency band via AC interface 201 on conducting wire 108a and/or 108b Send and/or receive PLC signal.In some embodiments, PLC engine 202 may be configured to send ofdm signal, but also Other types of modulation scheme can be used.Therefore, PLC engine 202 may include or be configured in other ways with Metering perhaps observation circuit (not shown) communication metering or observation circuit so be configured to via conducting wire 108,108a and/ Or 108b measures the power consumption characteristic of certain equipment or household electrical appliance.PLC engine 202 can receive this power consumption letter Breath, is encoded to one or more PLC signal, and by conducting wire 108,108a and/or 108b send it to compared with High level PLC device (for example, PLC gateway 112n, data aggregators 114 etc.) is to be further processed.On the contrary, PLC engine 202 can receive from this higher level PLC device for example with the instruction of PLC Signal coding and/or other letters Breath, thus the special frequency band for allowing PLC engine 202 that it is selected to be worked.
Fig. 3 is the block diagram of PLC gateway 112 in accordance with some embodiments.As shown in this example, 301 coupling of gateway engine It closes gauge table interface 302, local communication interface 304 and frequency band and uses database 304.Gauge table interface 302 is coupled to metering Table 106, and local communication interface 304 be coupled to it is one or more in various PLC devices, such as, for example, PLC fill Set 113.Local communication interface 304 can provide various communication protocols, such as, for example, ZigBee, bluetooth (Bluetooth), Wi-Fi, Wi-Max, Ethernet (Ethernet) etc., communication protocol can enable gateway 112 and a variety of distinct devices and Household electrical appliance communication.When work, gateway engine 301 can be configured as collection from PLC device 113 and/or other equipment with And the communication of gauge table 106, and the interface being used as between these various equipment and plc data concentrator 114.Gateway engine 301 can be additionally configured to distribute frequency band to specific equipment and/or provide information to these equipment, allow them to distribute certainly The working frequency of its own.
In some embodiments, PLC gateway 112 can be arranged in house 102n or nearby, and be used as arrival And/or the gateway of whole plc communications from house 102n.However, in other embodiments, PLC gateway can be not present 112, and PLC device 113 (and gauge table 106n and/or other household electrical appliance) can directly with plc data concentrator 114 Communication.When there are PLC gateway 112, PLC gateway 112 may include database 304, wherein having for example by house 102n The currently used frequency band of each PLC device 113 record.The example of this record may include such as equipment identification information (for example, sequence number, device id etc.), application profile, device class and/or currently allocated frequency band.Therefore, gateway engine 301 assignment, distribution or in other ways management be assigned to the frequency band of its various PLC device when database 305 can be used.
Fig. 4 is the block diagram of plc data concentrator or router 114 in accordance with some embodiments.Gateway interface 401 is coupled to Data concentrator engine 402, and can be configured as and communicated with one or more PLC gateway 112a-n.Network interface 403 are additionally coupled to data concentrator engine 402 and may be configured to communicate with network 120.When work, data concentrator draws Holding up 402 can be used to collect the information sum number from multiple gateway 112a-n before forwarding the data to control centre 130 According to.Be not present PLC gateway 112a-n in the case where, can use be configured to gauge table 116a-n, PLC device 113 and/ Or the gauge table and/or equipment interface (not shown) of other household electrical appliance direct communications replace gateway interface 401.In addition, such as PLC gateway 112a-n is not present in fruit, is similar to then frequency usage database 404 may be configured to storage above in relation to data The described record in library 304.
Fig. 5 is the schematic block diagram of the one embodiment for the system 500 that diagram is configured for point-to-point PLC.System 500 can To include PLC transmitter 501 and PLC receiver 502.For example, PLC gateway 112 can be configured as PLC transmitter 501, and PLC device 113 can be configured as PLC receiver 502.Alternatively, PLC device 113 can be configured as PLC transmitter 501, and PLC gateway 112 can be configured as PLC receiver 502.In another embodiment, data concentrator 114 can be by It is configured to PLC transmitter 501 or PLC receiver 502, and is configured as and the PLC gateway 112 in point-to-point system 500 Or PLC device 113 combines.In another embodiment, multiple PLC devices 113 can be configured as shown in Figure 5 in point The direct communication into PLC system 500.In addition, child node 101 can be configured in point-to-point system 500 as described above. Those skilled in the art will appreciate that the various configurations appropriate for point-to-point PLC system 500 described in Fig. 5.
Fig. 6 is the different modulating skill for use in accordance with some embodiments for each tone mask in PLC network Art realizes the block diagram of the circuit of the transmission of multiple beacon frames.It in some cases, can be according to realizing Fig. 1-figure shown in Fig. 6 One or more equipment and/or device shown in 5.In some embodiments, processor 602 can be at digital signal Manage device (DSP), specific integrated circuit (ASIC), system on chip (SoC) circuit, field programmable gate array (FPGA), micro process Device, microcontroller etc..Processor 602 is coupled to one or more peripheral equipment 604 and external memory 603.Some In the case of, external memory 603 can be used for storing and/or maintaining database 304 shown in Fig. 3 and/or data shown in Fig. 4 Library 404.In addition, processor 602 may include for transmitting the driver of signal to external memory 603 and for setting to the periphery Other drivers of standby 604 transmitting signal.Power supply 601 provides supply voltage to processor 602, and to memory 603 and/or Peripheral equipment 604 provides one or more supply voltage.It in some embodiments, may include being more than for processor 602 One example (and also may include more than one external memory 603).
Depending on the type of PLC system, peripheral equipment 604 may include any desired circuit system.For example, in embodiment In, peripheral equipment 604 may be implemented local communication interface 303 and including for various types of wireless communication (such as Wi- Fi, ZigBee, bluetooth, honeycomb, global positioning system etc.) equipment.Peripheral equipment 604 can also include additional storage, packet Include RAM reservoir, solid state memory or disk reservoir.In some cases, peripheral equipment 604 may include user interface Equipment, including touch display screen or multitouch display screen, keyboard or other input units, microphone, loudspeaker etc. Display screen.
External memory 603 may include any kind of memory.For example, external memory 603 may include SRAM; Non-volatile ram (NVRAM, such as " flash " memory);And/or dynamic ram (DRAM) such as synchronous dram (SDRAM);It is double SDRAM, DRAM etc. of data transfer rate (DDR, DDR2, DDR3 etc.).External memory 603 may include being mounted with memory device thereon One or more memory module of part, such as signle in-line memory module (SIMM), dual-in-line memories Module (DIMM) etc..
Fig. 7 shows the example embodiment of the PLC network 700 for local utility company plc communication system.Network 700 pass through corresponding transformer 710a-n and LV line 706a-n including each node in LV node 702a-n and 702a-n It is connected to MV power line 720.Router or modem 714 are also connected to MV power line 720.Sub-network 728 is faced Near field 728 can be indicated by the combination of node 702a-n and router 714.Active router 712 and router 716 are also connected It is connected to MV line 720, is powered by power network 722.Power network 722 indicates high tension distribution system.
Active router 712 can be the gateway of telecommunication backbone net 724 and local utility company or control centre. Active router 712 can by router collect data be sent to local utility company 726 and can also to network its Order of the remaining part point broadcast from local utility company 726.Order from local utility company 726 can require In the data collection of preset time, changes communication protocol and other softwares or communication updates.
In UL communication, the node 702a-n in close region 728 can pass through its corresponding transformer 710a-n to MV Router 714 uses and load information (" data ").Router 714 by this data forwarding to active router 712, passes through in turn Telecommunication backbone net 724 transmits data to utility company 726.In (router 714 arrives node 702a-n) DL communication period It sends the request for carrying out data upload or carries out the order of other tasks.
When MAC load is encrypted first to be then segmented, the MHR of unencryption is added to the load of encryption.This will lead to Potential safety problem, this is because malicious node can capture the MHR and inject malice or " forgery " segmentation.It receives Device will not be able to detection have received malice or forge segmentation until receiver to the load of encryption recombinated with And until decryption.
For example, Fig. 8 shows the encryption and segmentation for being sent to the MAC load of receiver to transmitter expectation.MAC load 801 It is encrypted by transmitter to create and encrypt MAC load 802, then encryption MAC load 802 is segmented into three encryption MAC load point Section 803.MHR 804 and CRC 805 is added to each segmentation 803 to create frame 806.Transmitter then sends three to receiver A frame 806.
However, as shown in figure 9, rogue device can listen to segmentation 806, and may potentially send malice segmentation 901 To substitute original second segmentation 806-2.This malice frame 901 is possible, this is because MHR 806-2 is unencryption.It dislikes Meaning equipment can rebuild correct MHR806-2 and be inserted into the data of malice or " forgery " as load 902.903 quilt of CRC It is attached to malice frame, malice frame is then communicated to receiver.Desired receiver will not be able to monitoring malice load 902 and Maneuvering load 803-1,902 and 803-3 is continued into regrouping process.
After recombination segmentation, receiver starts decryption processing, and only at this moment just detects that frame is damaged.However, i.e. Make when receiver detects the frame of damage, receiver will be unaware which (which) segmentation includes mistake.The problem is for being It is very serious for system, this is because transmitter, which will be unaware that, has occurred the event, but be alternatively considered as all being segmented by It is successfully transmitted.
The reason of this security threat is that receiver can not detect malice segmentation without decryption processing The fact.In order to avoid this situation, segment identifiers are introduced into each segmentation by proposed system and method.Point Segment identifier field may, for example, be the authentication key of frame and the asymmetric step function of CRC.Segment identifiers can have than CRC or Person's Message Integrity Code (MIC) smaller size.In one embodiment, segment identifiers size is two bytes.
It is uniquely that malice transmitter cannot in view of only trusted node knows authentication key and CRC is for every frame Enough rebuild identical segment identifiers.It even, will if malice transmitter knows the algorithm for creating segment identifiers Do not know authentication key required for creation segment identifiers.
It should be asymmetrical for generating the algorithm of segment identifiers in order to ensure the safety of this feature, so that CRC and identifier, which is only used only, can not obtain authentication key.
When receiving segmentation, receiver will use authentication key and segmentation CRC to calculate local fragmentation value.Receiver is every More local fragmentation value and segment identifiers in a segmentation, and there are the segment identifiers for mismatching local computing value by abandoning Any segmentation.
It is this to change the replay attack for helping prevent malice transmitter because CRC changes frame by frame.Also, although Segment identifiers are unencryptedly sent, and malice transmitter will not be able to creation malice frame, because the CRC of malice load cannot be with For creating the CRC match of segment identifiers, and because malice transmitter will be made without being used to create segment identifiers Key.
Figure 10 illustrates the use of the segment identifiers according to one embodiment.Frame 1000 is generated by transmitter and including report First 1001, segment identifiers 1002, encrypted payload 1003 and CRC1004.Header 1001 includes for example from transmitter to desired The routing iinformation of receiver.Encrypted payload be from biggish data frame extract and be decrypted, from transmitter send To the segmentation of the data of receiver.CRC 1004 is the message integrity check for header 1001 and load 1003.Utilize hair Send CRC 1004 and authentication key known to device and desired receiver, transmitter using transmitter and desired receiver it is also known that Algorithm generate segment identifiers 1002.Frame 1000 is then communicated to desired receiver.
In one embodiment, the mechanism for creating segment identifiers is that the MD5 message-defined in RFC 1321 is plucked Want algorithm.Input to MD5 algorithm is the 128 bit authentication keys with 16 bit CRC splicing.It is defeated that MD5 algorithm generates 128 bits Out.Preceding 16 byte of 128 bit MD5 output is used as segment identifiers.It should be understood that any other calculation can be used Method generates segment identifiers using authentication key and frame information (for example, CRC).CRC is (for example, 16 bits or some of CRC Other parts) can be used to segment identifiers in whole or in part.In addition, segment identifiers can have any fit Work as length, such as 16 bits or other amount of bits.
Figure 11 is the flow chart of process of the diagram for sending the frame for being segmented, having encrypted with secure identifier.In step In rapid 1101, data load is divided into multiple independent segmentations by transmitter.It can be based on for example maximum frame sign or maximum load Lotus size come select segmentation quantity.In step 1102, using Encryption Algorithm known to transmitter and desired receiver, by The segmentation of transmitter encrypted payload.In step 1103, frame is created for the loading segment of each encryption.Frame includes header and MIC, Such as 16 bit CRC.
In step 1104, using MIC and the authentication key shared with desired receiver for each segmentation creation point Segment identifier.In one embodiment, it comes together to generate segmentation mark using MD5 algorithm together with CRC using 128 bit authentication keys Know symbol.In step 1105, segment identifiers are added to each fragmented frame.In a step 1106, frame is then communicated to the phase The receiver of prestige.
In step 1107, receiver extracted from the fragmented frame received MIC (for example, CRC) and using MIC together with Authentication key comes together to generate local segment identification identifier value.In step 1108, by local segment identification identifier value with receive The segment identifiers of frame not encrypted compare.In step 1109, receiver determines whether segment identifiers match.If It is matched, then received with the segment identifiers extracted from the frame received by the segment identifiers that receiver calculates in step 107 The encrypted payload of the frame arrived and the segmentation of other encrypted payloads recombinate, and are then decrypted in step 1110.Otherwise, if divided Segment identifier mismatches, then in step 1111, the frame received is rejected.
From the introduction described above provided with attached drawing, those skilled in the art belonging to the present invention will obtain the present invention It is many modification and other embodiment.Thus, it will be appreciated that the present invention is not limited to disclosed specific embodiments.Although adopting herein It with concrete term, but is only to be come with general and descriptive meaning using rather than in order to limit.

Claims (20)

1. a kind of method for identifying frame in power line communication, that is, PLC network comprising:
Data load is generated in PLC network node, the data load includes being sent to the data of purpose PLC node;
The data load is divided into two or more loading segment;
The loading segment is encrypted;
Frame is created for the loading segment of each encryption, each frame includes Message Integrity Code;
Splice authentication key and the Message Integrity Code to create input value;
5 algorithms of informative abstract, that is, MD5 algorithm output valve is generated according to the input value;
Segment identifiers are created according to the MD5 algorithm output valve for each frame;And
Segment identifiers are added to each frame;And
The purpose PLC hardware node is sent by the frame with segment identifiers.
2. according to the method described in claim 1, wherein the authentication key is 128 bit keys, the message integrity generation Code is 16 bit cyclic redundancy values i.e. crc value, and preceding 16 bit of the MD5 algorithm output valve be used to create it is described Segment identifiers.
3. a kind of method for examining frame in power line communication network, that is, PLC network comprising:
The receiving frame at PLC network hardware node, the frame include frame segment identifiers, encrypted payload segmentation and message integrity Code;
Splice authentication key and the Message Integrity Code to create input value;
MD5 algorithm output valve is generated according to the input value;
Each frame is directed to according to the MD5 using the Message Integrity Code and with the authentication key of source PLC nodes sharing Algorithm output valve creates local segment identifiers;
If the local segment identifiers match the frame segment identifiers, the encrypted payload segmentation is extracted with further Processing;And
If the local segment identifiers mismatch the frame segment identifiers, refuse the frame.
4. according to the method described in claim 3, further comprising:
Encrypted payload segmentation is combined with one or more other encrypted payloads segmentation to create and receive Load;And
To the load decryption received to create decryption load.
5. according to the method described in claim 3, wherein the authentication key is 128 bit keys, the message integrity generation Code is 16 bit cyclic redundancy values i.e. crc value, and preceding 16 bit of the MD5 algorithm output valve is for creating described Ground segment identifiers.
6. a kind of for generating the power line communication hardware of the frame of the destination node to be passed being sent in power line communication i.e. PLC network Equipment comprising:
Processor, the processor are configured to:
Generating includes the data load for being sent to the data of the destination node;
The data load is divided into two or more loading segment;
The loading segment is encrypted;
It is segmented creation frame for each encrypted payload, each frame includes Message Integrity Code;
Combination attestation key and the Message Integrity Code are to create input value;
5 algorithm output valve of informative abstract, that is, MD5 algorithm output valve is generated according to the input value;
Segment identifiers are created according to the MD5 algorithm output valve for each frame;And
Segment identifiers are added to each frame.
7. hardware device according to claim 6, further comprising:
Transmitter is configured as sending the frame with segment identifiers to the purpose PLC node.
8. hardware device according to claim 6, wherein the authentication key is 128 bit keys, the message is complete Property code is 16 bit cyclic redundancy values i.e. crc value, and preceding 16 bit of the MD5 algorithm output valve is used to create The segment identifiers.
9. a kind of equipment for handling the frame received from the node in power line communication network, that is, PLC network comprising:
Receiver is configured to:
Receiving includes frame segment identifiers, encrypted payload is segmented and the frame of Message Integrity Code;And
Processor is configured to:
Combination attestation key and the Message Integrity Code are to create input value;
MD5 algorithm output valve is generated according to the input value;
Each frame is directed to according to the MD5 using the Message Integrity Code and with the authentication key of source PLC nodes sharing Algorithm output valve creates local segment identifiers;
If the local segment identifiers match the frame segment identifiers, the encrypted payload segmentation is extracted with further Processing;And
If the local segment identifiers mismatch the frame segment identifiers, refuse the frame.
10. equipment according to claim 9, the processor is configured to:
Encrypted payload segmentation is combined with one or more other encrypted payloads segmentation to create and receive Load;And
To the load decryption received to create decryption load.
11. equipment according to claim 9, wherein the authentication key is 128 bit keys, the message integrity generation Code is 16 bit cyclic redundancy values i.e. crc value, and preceding 16 bit of the MD5 algorithm output valve is for creating described Ground segment identifiers.
12. a method of for identifying frame in power line communication, that is, PLC network comprising:
Data load is generated in PLC network hardware node, the data load includes the number for being sent to purpose PLC node According to;
The data load is divided into two or more loading segment;
The loading segment is encrypted before segmentation;
Frame is created for the loading segment of each encryption, each frame includes Message Integrity Code;
It is created using the Message Integrity Code and the authentication key shared with the purpose PLC hardware node for each frame Build segment identifiers;
Segment identifiers are added to each frame;And
The purpose PLC hardware node is sent by the frame with segment identifiers.
13. the method according to claim 11, further comprising:
The segment identifiers are created using MD5 algorithm.
14. the method according to claim 11, the method further includes:
Splice the authentication key and the Message Integrity Code to create input value;
MD5 algorithm output valve is generated according to the input value;And
The segment identifiers are created according to output valve.
15. a kind of method for examining frame in power line communication network, that is, PLC network comprising:
The receiving frame at PLC network hardware node, the frame include frame segment identifiers, encrypted payload segmentation and message integrity Code;
It is created locally using the Message Integrity Code and the authentication key shared with source PLC hardware node for each frame Segment identifiers;
If the local segment identifiers match the frame segment identifiers, the encrypted payload segmentation is extracted with further Processing;And
If the local segment identifiers mismatch the frame segment identifiers, refuse the frame.
16. the method according to claim 11, further comprising:
Encrypted payload segmentation is combined with one or more other encrypted payloads segmentation to create and receive Load;And
To the load decryption received to create decryption load.
17. a kind of power line communication for generating the frame of the destination node to be passed being sent in power line communication i.e. PLC network is hard Part equipment comprising:
Processor, the processor are configured to:
Generating includes the data load for being sent to the data of the purpose PLC hardware node;
The data load is divided into two or more loading segment;
The loading segment is encrypted before segmentation;
It is segmented creation frame for each encrypted payload, each frame includes Message Integrity Code;
Using the Message Integrity Code and the authentication key shared with purpose PLC hardware node for the creation point of each frame Segment identifier;And
Segment identifiers are added to each frame.
18. power line communication hardware device according to claim 17, further comprises transmitter, the transmitter quilt It is configured to send the frame with segment identifiers to the purpose PLC hardware node.
19. a kind of equipment for handling the frame received from the node in power line communication, that is, PLC network comprising:
Receiver is configured to:
Receiving includes frame segment identifiers, encrypted payload is segmented and the frame of Message Integrity Code;And
Processor is configured to:
Local segmentation is created for each frame using the Message Integrity Code and with the authentication key of source PLC nodes sharing Identifier;
If the local segment identifiers match the frame segment identifiers, the encrypted payload segmentation is extracted with further Processing;And
If the local segment identifiers mismatch the frame segment identifiers, refuse the frame.
20. equipment according to claim 19, the processor is configured to:
Encrypted payload segmentation is combined with one or more other encrypted payloads segmentation to create and receive Load;And
The load received is decrypted to create decryption load.
CN201410520593.4A 2013-10-04 2014-09-30 Utilize segmentation and then power line communication (PLC) network node of encryption safe Active CN104518864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910191548.1A CN109905246B (en) 2013-10-04 2014-09-30 Power Line Communication (PLC) network node with segmentation and then encryption security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/045,960 2013-10-04
US14/045,960 US9143327B2 (en) 2013-10-04 2013-10-04 Power line communication (PLC) network nodes using cipher then segment security

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910191548.1A Division CN109905246B (en) 2013-10-04 2014-09-30 Power Line Communication (PLC) network node with segmentation and then encryption security

Publications (2)

Publication Number Publication Date
CN104518864A CN104518864A (en) 2015-04-15
CN104518864B true CN104518864B (en) 2019-04-19

Family

ID=52776962

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201410520593.4A Active CN104518864B (en) 2013-10-04 2014-09-30 Utilize segmentation and then power line communication (PLC) network node of encryption safe
CN201910191548.1A Active CN109905246B (en) 2013-10-04 2014-09-30 Power Line Communication (PLC) network node with segmentation and then encryption security

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910191548.1A Active CN109905246B (en) 2013-10-04 2014-09-30 Power Line Communication (PLC) network node with segmentation and then encryption security

Country Status (2)

Country Link
US (3) US9143327B2 (en)
CN (2) CN104518864B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9143327B2 (en) 2013-10-04 2015-09-22 Texas Instruments Incorporated Power line communication (PLC) network nodes using cipher then segment security
CN105981346B (en) * 2013-12-20 2019-11-12 瑞典爱立信有限公司 Energy conservation in wireless device
US10660038B2 (en) * 2017-06-30 2020-05-19 Qualcomm Incorporated Wake-up radio frame formats and device communications
CN108965309B (en) * 2018-07-27 2021-02-12 腾讯科技(深圳)有限公司 Data transmission processing method, device, system and equipment
CN109743353B (en) * 2018-12-04 2021-06-25 北京讯众通信技术股份有限公司 Data conversion method based on Internet of things
US11190022B2 (en) 2019-01-09 2021-11-30 Texas Instruments Incorporated Controller circuit for photovoltaic sub-module
US10797921B2 (en) 2019-02-12 2020-10-06 Texas Instruments Incorporated Threshold computation circuit for S-FSK receiver, integrated circuit, and method associated therewith
US10778482B2 (en) 2019-02-12 2020-09-15 Texas Instruments Incorporated Bit slicer circuit for S-FSK receiver, integrated circuit, and method associated therewith
US11342787B2 (en) 2019-03-20 2022-05-24 Texas Instruments Incorporated Controller circuit for photovoltaic module
US11350186B2 (en) 2019-03-20 2022-05-31 Texas Instruments Incorporated Monitoring circuit for photovoltaic module
CN110365368A (en) * 2019-08-29 2019-10-22 广东工业大学 A kind of power line carrier communication control method and system
US11540119B2 (en) * 2020-02-06 2022-12-27 Wiliot, LTD. System and method for providing secure and reliable communication over a low-energy wireless communication protocol
CN115225296B (en) * 2021-04-16 2024-04-12 华为技术有限公司 Encrypted data transmission method and related equipment
CN116743504B (en) * 2023-08-14 2023-10-17 佳瑛科技有限公司 Safe transmission method and system for digital data in network cable

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008069403A1 (en) * 2006-12-05 2008-06-12 Electronics And Telecommunications Research Institute Apparatus and method for protecting rfid data
CN101827009A (en) * 2009-03-04 2010-09-08 丛林网络公司 Routing frames in a trill network using service vlan identifiers
CN102160324A (en) * 2008-09-19 2011-08-17 皇家飞利浦电子股份有限公司 A method for secure communication in a network, a communication device, a network and a computer program therefor
CN102263565A (en) * 2010-05-24 2011-11-30 Smk株式会社 Radio communication module, remote controller, and radio system

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002508643A (en) * 1997-12-15 2002-03-19 イナリ、インコーポレイテッド Power line exchange protocol method and equipment
CN100428751C (en) * 2000-12-25 2008-10-22 松下电器产业株式会社 Apparatus and method for security processing of communication packets
US7027577B2 (en) 2002-08-26 2006-04-11 Telefonaktiebolaget Lm Ericsson (Publ) Method and system for multi-party call conferencing
US20040111610A1 (en) * 2002-12-05 2004-06-10 Canon Kabushiki Kaisha Secure file format
US20040193891A1 (en) * 2003-03-31 2004-09-30 Juha Ollila Integrity check value for WLAN pseudonym
KR100574960B1 (en) * 2003-11-25 2006-05-02 삼성전자주식회사 The dividing method for payload intra-frame
US7353388B1 (en) * 2004-02-09 2008-04-01 Avaya Technology Corp. Key server for securing IP telephony registration, control, and maintenance
US7992193B2 (en) * 2005-03-17 2011-08-02 Cisco Technology, Inc. Method and apparatus to secure AAA protocol messages
CN101026617B (en) 2006-02-18 2010-09-15 华为技术有限公司 Media resource scheduling method for IMS network
KR100915805B1 (en) * 2006-06-20 2009-09-07 삼성전자주식회사 Apparatus and method for communicating mac layer data in broadband wireless communication system
CN101426196A (en) * 2007-11-02 2009-05-06 华为技术有限公司 Paging message data distributing method, base station and mobile station
JP2010192944A (en) * 2009-02-13 2010-09-02 Sony Corp Content distribution apparatus, content use apparatus, content distribution system, content distribution method and program
EP2244435B1 (en) 2009-04-20 2015-07-22 Accenture Global Services Limited IMS application server, network, method, and computer program product for executing services, particularly IP contact center services
CN101894030A (en) * 2010-06-29 2010-11-24 福建新大陆通信科技股份有限公司 Television set top box USB interface-based data anti-theft updating method
CN102201924A (en) * 2011-07-07 2011-09-28 无锡智感星际科技有限公司 Method for distributing file based on RDS unidirectional broadcast channel
US9338172B2 (en) * 2013-03-13 2016-05-10 Futurewei Technologies, Inc. Enhanced IPsec anti-replay/anti-DDOS performance
US9143327B2 (en) * 2013-10-04 2015-09-22 Texas Instruments Incorporated Power line communication (PLC) network nodes using cipher then segment security

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008069403A1 (en) * 2006-12-05 2008-06-12 Electronics And Telecommunications Research Institute Apparatus and method for protecting rfid data
CN102160324A (en) * 2008-09-19 2011-08-17 皇家飞利浦电子股份有限公司 A method for secure communication in a network, a communication device, a network and a computer program therefor
CN101827009A (en) * 2009-03-04 2010-09-08 丛林网络公司 Routing frames in a trill network using service vlan identifiers
CN101827009B (en) * 2009-03-04 2012-12-19 丛林网络公司 Routing frames in a trill network using service vlan identifiers
CN102263565A (en) * 2010-05-24 2011-11-30 Smk株式会社 Radio communication module, remote controller, and radio system

Also Published As

Publication number Publication date
CN104518864A (en) 2015-04-15
US9742785B2 (en) 2017-08-22
US20150098569A1 (en) 2015-04-09
US20160330213A1 (en) 2016-11-10
US9143327B2 (en) 2015-09-22
US9425955B2 (en) 2016-08-23
CN109905246A (en) 2019-06-18
CN109905246B (en) 2022-05-03
US20150381355A1 (en) 2015-12-31

Similar Documents

Publication Publication Date Title
CN104518864B (en) Utilize segmentation and then power line communication (PLC) network node of encryption safe
US6885674B2 (en) Communications system for providing broadband communications using a medium voltage cable of a power system
Carcelle Power line communications in practice
Hersent et al. The internet of things: Key applications and protocols
US20100034386A1 (en) Device manager repository
CN108430038B (en) The method and system that multiterminal are communicated based on bluetooth multiterminal
CN106603400A (en) Data transmission method based on narrow band Internet of things and gateway
CN107113287A (en) The method that device-to-device communication is performed between subscriber's installation
US20120236879A1 (en) Coexistence in communication system
CN103905180A (en) Method for enabling classical application to have access to quantum communication network
JP2016513927A (en) Method, apparatus and computer program for transmitting and / or receiving signals via a power grid
Cam-Winget et al. Applicability statement for the routing protocol for low-power and lossy networks (RPL) in advanced metering infrastructure (AMI) networks
CN102113269B (en) Connection unit for the grafting cable of POE network
CN212343809U (en) Edge type cellular Internet of things private network system
Cortés et al. Smart metering systems based on power line communications
US20190319456A1 (en) Method and Apparatus for Sensing a DC or AC Electrical Receptacle and Line to Load Switching
CN108111515B (en) End-to-end secure communication encryption method suitable for satellite communication
Berganza et al. PLC for smart grid
CN101877693A (en) Method, device and system for obtaining public key
Huczala et al. Capturing energy meter data over secured power line
Jain Management Protocols for IoT
Reinisch et al. Wireless communication in knx/eib
Anand Analysis of communication protocols for home area networks for Smart Grid
Hui et al. RFC 8036: Applicability Statement for the Routing Protocol for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI) Networks
CN116684832A (en) Communication system and communication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant